Former US Official: Edward Snowden Was Too Brilliant To Work For The NSA

from the well,-that's-comforting dept

As the leaks and stories about the NSA's massive surveillance programs continue to breach the levees, the responses garnered by the government are perhaps as instructive as the leaks themselves. For instance, when the NSA itself comments are so fallaciously dismissive of public concern, we know that they're equal parts liars and demagogues. Also, when our public representatives have the kind of relationship with the NSA normally reserved for abused spouses, we learn how ignorant and codependent so much of Washington is. And, when President Obama's administration puts sympathetic insiders on the board set to review all of these programs and their abuses, it teaches us that the man holding the highest office in our land thinks we're all very, very stupid.

But what of Snowden himself? How do those experienced in government view him. Well, according to this fascinating report that details how Snowden got his hands on those documents, some think he was absolutely brilliant and that being so smart should have disqualified him for the job.

“Every day, they are learning how brilliant [Snowden] was,” said a former U.S. official with knowledge of the case. “This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

My, how comforting. Here's the deal: if you are going to run a data-collection program on most of the known world, including on your own people, you damn well better have the smartest, most brilliant people you can find involved. The wrong-headed thinking that there are people too smart to work for your organization is tipping the scales towards epic. Perhaps brilliant people lock security down better so that thousands of system administrators can't get their hands on roughly all the documents. Maybe brilliant people devise better ways to get the intelligence so greedily sought after without running afoul of our commanding national legal document. And, hey, just maybe enough brilliant people in the room would have resulted in a program that wasn't so foul, wasn't so ripe for abuse, and wasn't using what is commonly considered to be decades-old technology and procedures.

Jason Healey, a former cyber-security official in the Bush Administration, said the Defense Department and the NSA have “frittered away years” trying to catch up to the security technology and practices used in private industry. “The DoD and especially NSA are known for awesome cyber security, but this seems somewhat misplaced,” said Healey, now a cyber expert at the Atlantic Council. “They are great at some sophisticated tasks but oddly bad at many of the simplest.”

Look, it brings me back to something I've said about my government before: lie better. That's your job now. Sure, it would be nice if you simply represented the people as your mandate requires, but nobody alive is gullible enough to believe that's going to happen any longer, so your new job is to at least secure all the nefarious bullshit you pull. You've got my data and you're housing it on technology that predates the iPhone? You know who might be able to help get your house in order?

Anti-intellectualism reveals its ugly head again...

As said somewhere before "A's hire A's. B's hire C's" As long as you have only A's, there's no problem. B's however, fear more for losing their own position, and hence hire less competent people than them. And so on. This seems to be a larger problem as your company size increases (since you run a higher chance of accidentally picking up that first B), and is *especially* a problem in governments. Good to see these agencies are no exception, and this is a prime example; the guy doesn't want to hire people that are actually smart enough to think and act on their own. The country is doomed.

Obama thinks everyone is stupid

when President Obama's administration puts sympathetic insiders on the board set to review all of these programs and their abuses, it teaches us that the man holding the highest office in our land thinks we're all very, very stupid.

Re: Obama thinks everyone is stupid

when President Obama's administration puts sympathetic insiders on the board set to review all of these programs and their abuses, it teaches us that the man holding the highest office in our land thinks we're all very, very stupid.

Re: Over qualified...

All despotic organizations have this mentality, and it stems from protection of their own position, not even of the organization. No one would refuse a hire (realistically) because someone too smart will bring your organization down. That's a ridiculous assertion (even if true in this case). No, they will prevent brilliance from coming in because it puts their own cushy job at risk (what if this brilliant guy actually wants to be doing what i do. He'll get it. So ill say no now).

The narrative the government/NSA seems to be going for is that Snowden was somehow some sort of super spy genius hacker that somehow defeated all of the NSA's complex defences like the computer nerd main character in a terrible hacker movie. The point they are trying to stress is that it wasn't the NSA's fault. It was this genius guy. The NSA could never, ever fail so badly at security, right?

Wrong. The reality is this: Snowden was a systems administrator. He had privileged access to many machines. The fault for what he managed to "steal" lies solely in the NSA as an organization for failing to compartmentalize the access to sensitive information in such a way that a single user (friend or foe) could not have access to most (or all) of it and to have proper checks in place to ensure that users were not abusing their privileges. The NSA failed at basic computer security, which, to me, seems somewhat ironic given that they have "Security" right there in their name.

This story only shows a massive failure in the implementation of proper security procedures and a highlights the complete lack of internal auditing on the NSA's part.

Snowden was not a genius. He was good system administrator, though. Luckily for the NSA he didn't decide to sabotage it from within because I am sure that he could do it without anyone noticing until it was too late. They should thank Snowden for that.

Missing the point?

I kind of feel like this article missed the point. That being, the government wants to hire people who don't rock the boat, do what their told, and keep their head down and their eyes on their own paper. I worked in government and tried to improve my department. Now here I am, no longer working for the government.

Edward Snowden does not fit that mold though. As a go-getter, he was brilliant, but the bar is set so low in government that I'm not sure he would actually qualify as brilliant in private industry.

So, Snowden committed yet more crimes...figures.

What the post misses is that while Snowden was being criticized as being too brilliant, that comment was with respect to the apparent fact that Snowden impersonated, electronically, NSA employees to gain access to NSA files. I believe that comes under the category of hacking and fraud.

It makes sense that if you are going to violate one law, and your goal is something other than whistle blowing, that you will violate laws at will. I bet he did not use his turn signals either.

I like hiring stupid people rather than those 'elitist' smart and brilliant people who think their better then me.

Why when I had plumbing problems last year I hired a plumber who had zero experience and training. He flooded my whole basement with water when he screwed up and made the problem worse. But I still felt good knowing he didn't think he was better then me!

The NSA has as many as 40,000 employees. According to one intelligence official, the NSA is restricting its research to a much smaller group of individuals with access to sensitive documents. Investigators are looking for discrepancies between the real world actions of an NSA employee and the online activities linked to that person’s computer user profile. For example, if an employee was on vacation while the on-line version of the employee was downloading a classified document, it might indicate that someone assumed the employee’s identity.

The NSA has already identified several instances where Snowden borrowed someone else’s user profile to access documents, said the official.

From the article at http://investigations.nbcnews.com/_news/2013/08/29/20234171-snowden-impersonated-nsa-officials-sourc es-say?lite:The NSA has as many as 40,000 employees. According to one intelligence official, the NSA is restricting its research to a much smaller group of individuals with access to sensitive documents. Investigators are looking for discrepancies between the real world actions of an NSA employee and the online activities linked to that person’s computer user profile. For example, if an employee was on vacation while the on-line version of the employee was downloading a classified document, it might indicate that someone assumed the employee’s identity.

The NSA has already identified several instances where Snowden borrowed someone else’s user profile to access documents, said the official.

I’m curious to know how they knew it was Snowden and not just another privileged individual stealing top-secret data.

I think the "party line" has changed

We have gone from "he's part of the rebel alliance and a traitor!" which they were unable to convince anyone but themselves of, to "he's a Bond villian!". Not sure they're gonna get any better traction with that one.

Re:

The narrative the government/NSA seems to be going for is that Snowden was somehow some sort of super spy genius hacker that somehow defeated all of the NSA's complex defences like the computer nerd main character in a terrible hacker movie.

Exactly right. This is just another attempt to change the subject and control the narrative. For the first few weeks they stuck with the usual tactic of denial and fear mongering. When that didn't work they tried to get in front of the story by giving their side before releasing documents of their own. Now they're just trying to soften up the public to accept the kangaroo court they've got planned for Snowden.

Really this is all about panic. They know there's a lot worse coming and they have no idea what to do about it. Which reminds me, I need to stock up on popcorn. I don't want to miss any of the show.

Re: So, Snowden committed yet more crimes...figures.

I had never heard that Snowden impersonated others to do what he did. In most organizations, there are people that have access to all the databases (DBAs) or all the servers (Server Admins). It is nearly impossible to set things up so that this isn't the case (it must be, because I have had access to all Production data at every company where I have worked as a Software Architect).

What keeps things honest is that most software and DBA guys are actually honest and altruistic, which keeps them on the side of their company. Put your company against them (as the NSA did to Snowden here by violating the Constitution) and all bets are off, although typically they just go to another job that they agree with more.

Re: Anti-intellectualism reveals its ugly head again...

A good soldier is an obedient soldier. If Snowden doesn't follow procedures to a t, everything crashes! The people designing the system were smart so how dare someone critizise it? etc. etc.

It is not generally fallacious logic, but disciplin cannot allow people asking too many questions since not answering is kind of enforcing a belief that something can be improved. That it can be improved a lot should be a given, but shut up and take the good with the bad. Then, at least, nothing will get worse.

Re: So, Snowden committed yet more crimes...figures.

What the post misses is that while Snowden was being criticized as being too brilliant, that comment was with respect to the apparent fact that Snowden impersonated, electronically, NSA employees to gain access to NSA files. I believe that comes under the category of hacking and fraud.

He was a sysadmin, which as earlier articles note, enabled him to do exactly that, not through "hacking and fraud" but because that can be useful as a sysadmin in determining where a problem is (i.e., user Z is having such-and-such a problem, log-in as user Z and see if you can replicate...).

This once again brings to light the problem that no one seems to grasp

The reason the NSA spying is a bad thing isn't just because of the gross privacy violations, it's because there is no reason to believe that the NSA is even secure. Your bank probably has higher safeguards for your information than the NSA does on the merit that they have to be certified, the NSA doesn't, and they don't even have to follow their own laws about what is or isn't secure practice.

Of course no one seems to care about that, no one seems to think that the NSA could ever have leaks or be compromised by someone who seriously wants to harm or exploit American's identity. Despite all the evidence to the contrary.

Its not wise to leave your door open, and its still illegal to walk in someones house even if there door is open, however, if one doesnt lock the door and gets robbed i doubt robber is going to be called brilliant.

My point is, i dont believe snowden did anything brilliant, but i am 100% sure that NSA had there network setup incompetently.

Re: Re:

Far too obvious.

Much more useful would be jobs with innocuous names like "lpd" that sporadically wrote random bytes into random locations in random files, then exec'd new instances of themselves with other innocuous names and continued.

Source: finding this very thing running at a client's site when they reported odd file corruption that they could never quite seem to track down. Regrettably, they waited six months to do so.

Re:

This, with the small modification that it's not indicative of the network being set up improperly so much as the access controls being set up improperly. "su " should never be the command that gets you unfettered access to sensitive data.

Not many people can deal with an employee who runs rings around them in the smart stakes. If this is the case, the smart employee often gets frustrated and bored, and finds things to interest them other than the "main task" (such as building a better toaster, or breaking the NSA's security).

Re: Re: So, Snowden committed yet more crimes...figures.

System admins are not permitted to use the credentials of another user. In the many times I have been helped by an admin, they have me log in with my credentials, then they gain access to my account. When a sysadmin gains the login credentials of another person, while it may be as simple as looking for paper around their desk, looking over their shoulder, or guessing passwords, it is called hacking.

Re: So, Snowden committed yet more crimes...figures.

You keep whining about how he broke whatever the petty laws you can come with and ignoring the fact that the leaks were incredibly beneficial and sparked a much needed debate on the unconstitutional mass surveillance. Care to share with us how he could have done it without running away? And don't come with the bs of legal channels because it has been proven they aren't an option.

Re: Re: So, Snowden committed yet more crimes...figures.

Except...the debate is so focused on Snowden, and increasingly on his behavior, that any benefit he might have provided is quickly getting lost. Furthermore, the behavior has not led most people to question the behavior of the government, but how the leaks were permitted to happen. I guess if you want an even more paranoid government that keeps on restricting the flow of information, then Snowden is beneficial.

I have a friend who insists the NSA are "the brightest and the best". (Perhaps because his father wrote for Stars & Stripes, his step-father was a deputy director at the NSA, and his mother - who he believes doesn't work for the NSA - still attends the weekly/daily briefings.)

I say he's off the mark on ALL counts, as this article so rightly points out.